Nginx and conditional logformat

Marcello Lorenzi cello86 at gmail.com
Thu Aug 1 11:16:45 UTC 2019


Hi Max.

In our idea with this configuration all the requests use the sslclient
logformat and in case of failure with the certificate the logformat that
will be used is sslclientfull.



Into the location / we enable the ssl_verify_client to optional and
actually we have some if with the variabile $ssl_client_verify to provide a
customized message to the users. It seems that the set variable is not
working into the if statement.

We can’t use the “map” parameter because it works only to a http block and
not into location block.

Thanks,
Marcello


Regards,

Marcello

On Mon, Jul 29, 2019 at 3:02 PM Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Fri, Jul 26, 2019 at 03:49:05PM +0200, Marcello Lorenzi wrote:
>
> > Hi Maxim,
> > I tried to configure the location with this example:
> >
> > server  {
> >         access_log  logs/access_log sslclient;
> >
> >         location / {
> >
> >             if ($ssl_client_verify != "SUCCESS") {
> >                 set $loggingcert 1;
> >             }
> >
> >             access_log  logs/access_log sslclientfull if=$loggingcert;
> >
> >         }
> >
> > }
> >
> > I noticed that all the request inherit the first access_log configuration
> > and not the conditional.
>
> In the configuration in question, all requests handled in
> "location /" will either use the "sslclientfull" log format, or
> won't be logged at all.
>
> If this is not what you observe, most likely you've missed
> something an requests are either not handled in the server in
> question, or not handled in "location /".  For example, this
> may happen if you are using "ssl_verify_client on;" and all
> requests without proper client certificates are terminated with
> error 400 in the server context before any processing, hence they
> are not handled in "location /".
>
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190801/5d9c0b0f/attachment-0001.html>


More information about the nginx mailing list